Skills
skills/askeluv/nansen-cli/nansen-web-fetcher/Gen Agent Trust Hub

nansen-web-fetcher

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the nansen-cli package from the npm registry. This package provides the command-line utility for web fetching.
  • [COMMAND_EXECUTION]: The skill executes the nansen CLI tool through the Bash shell to retrieve content from external URLs.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes content from arbitrary external URLs and passes it directly to an LLM.
  • Ingestion points: External URL content fetched via the nansen web fetch command in SKILL.md.
  • Boundary markers: The skill does not implement delimiters or 'ignore' instructions to separate fetched content from user prompts.
  • Capability inventory: Uses the Bash(nansen:*) tool to perform network and processing tasks.
  • Sanitization: No validation or sanitization is performed on the retrieved web content before it is analyzed by the AI.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 28, 2026, 09:15 PM